Slashdot: News for Nerds

Comcast Migrating Customers To DNSSEC Resolvers

Soulskill posted more than 3 years ago | from the must-be-easier-to-throttle dept.

Networking 196

ctg1701 passes along this quote from a Comcast announcement: "Starting today we will begin migrating customers who have opted out of our Domain Helper service over to our production DNSSEC-validating servers. This will happen first in a selected part of our Virginia network, and will later expand to all markets in the following sixty days, at which point all of our customers who have opted out of Domain Helper will be migrated. After this has been completed, we will migrate the rest of our customers, which we anticipate will stretch into the early part of 2011."

196 comments

This is great news (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#33939064)

for first posters
.
.
frost
.
but for comcast customers, you're fucked. comcast blows and will surely fuck this up big time, leaving your site in ruins

migrate (1, Funny)

jsnipy (913480) | more than 3 years ago | (#33939084)

You really should be migrating off of Comcast

Re:migrate (5, Insightful)

Anonymous Coward | more than 3 years ago | (#33939160)

My other choice being.... dialup.

Comcast sucks, but it is the only choice for many of us. Competition doesn't work if there isn't any.

Re:migrate (0, Redundant)

jsnipy (913480) | more than 3 years ago | (#33939250)

you have a good point

Re:migrate (1)

zero_out (1705074) | more than 3 years ago | (#33939526)

Same here. Well, satellite and 1.5 Mbps DSL, but they might as well be dial-up. Comcast's 22 Mbps is the only reasonable choice, I'm sad to say.

Re:migrate (1)

Ardx (954221) | more than 3 years ago | (#33940138)

Tell me about it. I have the choice of Crapcast, Qwest dialup (because 10 years to fix the reason my local neighborhood can't get dsl, but residences to the north, south, east and west are all able to), Hughes, and Clear wireless are my options. I almost went to clear, but after looking at their support forums... well.

Re:migrate (1)

commodore64_love (1445365) | more than 3 years ago | (#33940352)

The US should be breaking-up these monopolies, the same way it broke-up the AT&T monopoly.

Also: 1.5 is it? My DSL goes up to 7.0 guaranteed, although I opted for the cheaper and slower $15 plan.

Re:migrate (0)

Anonymous Coward | more than 3 years ago | (#33940502)

> The US should be breaking-up these monopolies, the same way it broke-up the AT&T monopoly.

Even if they broke up ComCast, that wouldn't guarantee competition in each region, it would just give the newly spawned mini-ComCast companies regional monopolies.

Re:migrate (1)

Osgeld (1900440) | more than 3 years ago | (#33940718)

they sold me 6, couldn't do it, maxed out at 1.5, and now it can't even sustain 256kbs, comcast gets 15 out here

Re:migrate (1)

Nadaka (224565) | more than 3 years ago | (#33940240)

My other choice at the moment is tethering my phone at around 300 Kbps due to low signal quality. If I had 4g in my area, you bet I would drop cable in a heartbeat.

Re:migrate (5, Informative)

Anonymous Coward | more than 3 years ago | (#33939566)

If you're stuck with Comcast, there's an "alternative" that's often the best way to go: Comcast Business Internet service. It's run by a separate division of the company from the residential services, one that actually has competition and a decent customer service mindset. The business side also seems to completely avoid stupid stuff like Domain Helper in the first place. For those of you who still use TV or want other Comcast services, note that you can (and want to) mix-and-match Residential and Business services. For example, Residential for TV and Business for Internet -- the business rep who set up my account actually called this out and recommended it to avoid unnecessary restrictions on TV use applied to business accounts (e.g. no DVRs, etc.).

Re:migrate (3, Interesting)

Anonymous Coward | more than 3 years ago | (#33939918)

http://consumerist.com/2010/09/comcast-wont-give-me-tv-service-because-im-a-home-business-customer.html [consumerist.com]

"Comcast won't give me TV service because I'm a home business customer"

Re:migrate (1)

beadfulthings (975812) | more than 3 years ago | (#33940670)

I signed up for something they call the "home business triple play" that provides business Internet and phone service with residential TV. The service is basically a hundred bucks a month plus an extra five for a toll-free number and some additional charges for HBO and a second TV hookup. We're still saving a lot over our previous Comcast TV and Internet plus Vonage phone.

The downside is that I've been trying since June to opt out of their Domain Helper, which mysteriously re-appeared along with the new business account. After hours on the phone over a protracted period of about six weeks, the bottom line seems to be that I can't opt out. This has infuriated me, and I would throw them over if I had an alternative. They can't or won't understand that all I want from them is reliable TV reception and a connection to the Internet. I don't need them to be my Internet daddy, and the only time I want to know they're there is when I have a problem or need to pay the bill. I suspect if they could get that through their thick, idiotic heads, they'd probably attract a few more business users.

Re:migrate (4, Informative)

AstynaxX (217139) | more than 3 years ago | (#33940880)

I opted out of Domain Helper by using manually configured DNS servers, OpenDNS at the moment. It seems if you manually migrate to their DNSSEC servers, Domain Helper goes away, as according to the FAQs the two are incompatible.
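The distinction this comment turns on, as an added example that is not part of the thread or of Comcast's tooling: for a name that does not exist, an NXDOMAIN-rewriting resolver returns an ordinary answer, while a validating resolver returns NXDOMAIN and can set the AD flag. The probe name, the 192.0.2.10 address, the sample messages and the classification labels are constructed for illustration.

```python
import struct

FLAG_AD = 0x0020      # Authenticated Data bit (RFC 4035)
RCODE_MASK = 0x000F
NXDOMAIN = 3
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Encode a dotted name as DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in labels) + b"\x00"


def build_response(qname, rcode, ad, addrs=()):
    """Build a constructed sample response (test data, not captured traffic)."""
    flags = 0x8000 | 0x0100 | 0x0080 | (FLAG_AD if ad else 0) | rcode  # QR, RD, RA
    msg = struct.pack("!6H", 0x1234, flags, 1, len(addrs), 0, 0)
    msg += encode_name(qname) + struct.pack("!2H", TYPE_A, CLASS_IN)
    for addr in addrs:
        # 0xC00C is a compression pointer to the question name at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, 300, 4)
        msg += bytes(int(part) for part in addr.split("."))
    return msg


def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # two-byte pointer terminates the name
            if off + 2 > len(msg):
                raise ValueError("truncated pointer")
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length


def parse_response(msg):
    """Extract rcode, AD flag and any A records from a DNS response."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record header")
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated rdata")
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
        off += rdlen
    return {"rcode": flags & RCODE_MASK, "ad": bool(flags & FLAG_AD), "a": addrs}


def classify_probe(msg):
    """Classify the reply to a query for a name known not to exist.

    A resolver only sets AD when the query asked for it (DO or AD bit set),
    and the flag is only meaningful over a path you trust to the resolver.
    """
    reply = parse_response(msg)
    if reply["rcode"] == NXDOMAIN:
        return "nxdomain-validated" if reply["ad"] else "nxdomain-unvalidated"
    if reply["rcode"] == 0 and reply["a"]:
        return "rewritten"               # an address was synthesized for a missing name
    return "inconclusive"


# Constructed probe name and replies from three hypothetical resolvers.
PROBE = "no-such-host-7f3a.example.invalid"
SAMPLES = {
    "validating": build_response(PROBE, NXDOMAIN, ad=True),
    "plain": build_response(PROBE, NXDOMAIN, ad=False),
    "rewriting": build_response(PROBE, 0, ad=False, addrs=["192.0.2.10"]),
}

if __name__ == "__main__":
    for label, message in SAMPLES.items():
        print(label, classify_probe(message))
```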

Re:migrate (4, Informative)

icebike (68054) | more than 3 years ago | (#33940910)

Opting out of domain helper is as simple as changing your DNS servers in your router. Mine point to OpenDNS (paid), and allow me to block a lot of advertising popups and under-lines.

Google also supplies free DNS servers (8.8.8.8).

To do this, I just bridged my router (The comcast business service box), they even told me how to do this. Then I use my own linux box to handle routing. But you can also set up your own dns sources using their box if you want.

The Business services bunch are a whole lot easier to deal with than the home services people.

Re:migrate (5, Informative)

Anonymous Coward | more than 3 years ago | (#33940770)

Which is false. I'm posting AC because I work in "Business Services" at comcast..

I don't know about this specific case but I do run in to this with "home office" accounts a lot.

My bet is he wanted Business class internet and "Residential TV" at "Residential TV" costs.

The difference between Res and Biz TV? Well here in Connecticut mainly the COST.
It doesn't matter if it's a night club or a guy running a WebDev company out of his attic...it's a commercial account.
Biz class tv costs A LOT more than normal TV.
Biz class tv has all sorts of crazy rules and extra fees to the content providers.
We can not offer VOD/"Pay Per-View" because the content providers are worried you will order it at your BAR and show everyone there for free...or charge at the door.
We can not offer DVR service because the content providers don't want you skipping all the commercials in your packed restaurant.
We can not offer Adult Content (PlayBoy/Spice/etc) to places of business because of the agreements we have with the city. (think of the children!)
on and on..

My bet is the guy in that linked story did not want to pay all this extra money for "less" TV.
The work around is simple: You get 2 account numbers, 2 drops, and 2 bills. One is the biz-class internet which your company pays for and the other is your home TV.
Makes doing the taxes simple and if your company is paying you to telecommute you just hand them the whole Biz internet bill.

From what I can tell comcast doesn't care all that much about pushing Biz Class TV (at least in this state) because it's too much of a PITA with the regs/fees and in the end we don't make all that much on it. Not being able to put "upsells" on it like DVR/VOD hurts. The only thing it's really good for is keeping ATT/DISH/etc OUT of your company and getting us in the door with the internet/phone.

Re:migrate (2, Insightful)

bastion_xx (233612) | more than 3 years ago | (#33940782)

Do it the other way around, that's what we've done for our employees. First they order Comcast cable only (any package) if they so desire. Some are on satellite and have opted not to do that. Then you order Comcast Business and tie it to your company but the service address is the employee's house. They are more than happy to do that and the few times we've called them to resolve issues that required a truck roll, the tech wasn't a contractor but an actual Comcast employee who knows the business service. We have consistent quality and service on 12, 22, and 50 Mb connections. When comparing the lost time and IT staff required to resolve issues when we let home users use the residential services (Cable or HellSouth, err AT&T) to the increased cost of service, it continues to pay for itself.

Re:migrate (3, Interesting)

Fallon (33975) | more than 3 years ago | (#33939600)

I don't understand all the hate for Comcast, at least here in Colorado Springs. In the past year and a half I've had service with them I've had less than a couple of hours of downtime (at least that was their fault and not me fiddling with my router). Good bandwidth & pings, who could ask for more. It really blew me away after spending the past decade on military bases in the middle of nowhere overseas or downrange (1 second+ ping times, 10-30% packet loss, modem class bandwidth).

Re:migrate (2, Interesting)

ZorinLynx (31751) | more than 3 years ago | (#33939968)

Location location location.

If you're in an area with a simple or recently updated cable plant, where there's less customers on each node, you will have absolutely excellent performance, like myself.

If you're in an area with 20 year old cable plant that has corroded/loose fittings, bad or marginal amplifiers and other equipment that hasn't received enough love lately, it will be comparable to the sort of Internet access you would receive in hell. Dropped packets, modem resyncing, and so on.

Also, another customer on the same node with bad equipment spewing noise into the upstream channel can also knock you offline. This happens from time to time, resulting in a poor internet connection until the cable company can track down the offending equipment and remove it or disconnect the customer. People stealing cable can also degrade a network, though thankfully with systems going digital and less analog (stealable) service this is less of a problem now.

So basically, it's all up to luck whether cable internet (on any provider) is reliable or not.

Re:migrate (1)

commodore64_love (1445365) | more than 3 years ago | (#33940412)

>>>another customer on the same node with bad equipment spewing noise into the upstream channel can also knock you offline

I'm glad I don't have to share the line on my DSL.

Re:migrate (1)

tepples (727027) | more than 3 years ago | (#33941016)

> I'm glad I don't have to share the line on my DSL.

But how much did it cost to move into range?

Re:migrate (0)

Anonymous Coward | more than 3 years ago | (#33939978)

We hate them because they used to block (in their lingo "throttle") bittorrent.

Re:migrate (1)

dch24 (904899) | more than 3 years ago | (#33939982)

I can't fill you in on all the shenanigans that Comcast has been up to. Not enough time, and tl;dr.

Still, I am one of those people who will never buy Comcast. I won't move into a neighborhood where they have a monopoly. Take that, real estate prices!

Re:migrate (1, Funny)

Anonymous Coward | more than 3 years ago | (#33940994)

> I can't fill you in on all the shenanigans that Comcast has been up to. Not enough time, and tl;dr.

Here ya go [wikipedia.org]

Re:migrate (2, Funny)

Anonymous Coward | more than 3 years ago | (#33939614)

Yeah, I'll just migrate off Comcast over to that other cable company that offers service right alongside the existing monopoly.

Re:migrate (1)

thesequoiad (895977) | more than 3 years ago | (#33939680)

I've been using Comcast cable internet (and the predecessors) since mid 1999. I've loved it.

Re:migrate (2, Interesting)

gad_zuki! (70830) | more than 3 years ago | (#33940548)

>You really should be migrating off of Comcast

So the local telco monopoly is somehow better than the local cable monopoly? Err, seriously? I have dozens of AT&T horror stories and only a couple Comcast ones. Just getting AT&T installed anywhere is this Kafkaesque experience of dealing with multiple departments, multiple liars, multiple lazy no shows, etc who when instructed basic things "This is a new condo, thus you'll need to do more than just terminate at the demarc outside" they just pass the work onto other departments who just pass it back while you're taking off work waiting for them to do anything. With Comcast you deal with a much smaller bureaucracy.

I'm not even going to go into how Comcast business services sells me a 40mbps line for $99 and when I call support I get an American who either knows his shit or will connect me to someone who does without protest. Last time I called about the local telco, I got passed around to something like 4 or 5 departments before anyone even knew what a PTR record was. My first call to Comcast about PTR changes? "Sure, I can do that for you."

I'm not sure why there's this default love of the local telco, but it's a bunch of shit. In many markets Comcast is the superior product, and by a long shot.

Re:migrate (1)

Osgeld (1900440) | more than 3 years ago | (#33940678)

I am going to comcast, I am beyond frustrated with ATT, for nearly a month my 1.5mb line has mostly been under 200k, and I have fought with these people nearly every night, they suckered me out of 80$ for a new modem (which is on its way back now) which did nothing, the dipshit says to me last night "you might need a new modem"

so I snapped yelled at him etc, and finally got him to start scheduling a lineman to come out, then he tells me that if they find nothing (I guess it's in my head that it takes google 40 seconds to load) that it would be another 80$ for a service charge

so wait, if it's one of the 3 times during the day that it's working right, not only do I get 80$ billed to me, but I get to keep my worthless shit internet and argue with another call center monkey for an hour! F-U

cable modem is in the mail, and I am saving 10 bucks a month

besides what's my other choice dialup?

Re:migrate (1)

Osgeld (1900440) | more than 3 years ago | (#33940702)

oh, and I am dropping my att cellphone, my place of work is in a deadzone, but yet every single body's non ATT phone works like a charm

What is this? (1)

mark72005 (1233572) | more than 3 years ago | (#33939114)

For those of us on Comcast, what does this mean?

Whenever I am offered the opportunity to opt out of something by a company, I know it's probably a good idea to opt out.

Also, I've had very flaky internet service the past week or so, although I am not in this market (Minneapolis area). My equipment all seems to work fine, and of course there could be any number of causes, but this seems interesting.

Re:What is this? (1)

Entropius (188861) | more than 3 years ago | (#33939158)

My parents have had intermittent connectivity in Alabama these last few days, which is a Big Deal since they have Vonage for phone service. Comcast blames it on the analog-digital switchover, which is horseshit.

Re:What is this? (1)

rakuen (1230808) | more than 3 years ago | (#33939204)

30 seconds of searching says it's Domain Name System Security Extensions (DNS SEC). It's essentially what it says on the tin. Hopefully someone with more extensive knowledge can respond.

Re:What is this? (2, Informative)

AdmiralXyz (1378985) | more than 3 years ago | (#33939256)

If you haven't opted out of Domain Helper ("helpfully" redirecting your 404's to advertising), it doesn't mean anything yet. If you have, it means your DNS lookups are going to be done over a secure channel, which in theory makes it much more difficult to perform DNS redirection attacks (where you look up www.google.com but a hijacking means that you get back the IP address for http://ebay.spamwarezdeath.ru./ [ebay.spamwarezdeath.ru]). In short, it's a Good Thing ;)

Re:What is this? (0)

Anonymous Coward | more than 3 years ago | (#33939362)

It's this thing [imageshack.us] .

Re:What is this? (0, Offtopic)

mark72005 (1233572) | more than 3 years ago | (#33939438)

Great.

Like I don't pay far, far, FAR above market for what I get from Comcast already (lack of other options...)

Re:What is this? (2, Insightful)

popeye44 (929152) | more than 3 years ago | (#33939742)

Which I am assuming matters not a whit to those of us using OpenDNS.

I've been extremely happy with OpenDNS so far. "and entirely unhappy with Comcast's opt-out method"

Re:What is this? (-1, Troll)

Anonymous Coward | more than 3 years ago | (#33939282)

What this means is that COMCST is now going to tell their customers that you're only allowed to visit websites that have joined the system. They may be selling this as security, but make no mistake this is also a huge control system. I may have to cancel my service with them, when this happens. The simple fact is you may have some legitimate website who choose willfully NOT to partake in such a control scheme. I may need to visit such a site and COMCST is going to essentially tell me I can't visit that site. No thanks, I don't need a big brother. I'm an adult and I can take care of my own computers and I don't need COMCST protecting me. I don't give a crap what they say, I alone should have the right to decide where I can and can't go on the internet, unless of course you don't believe in freedom. Just give me the fully open internet service I pay for ya dern COMCST Commies!!! Quit interfering with my traffic.

-Anonymous Coward (yeah right like they can't track you down by your ip the way the RIAA is racketeering everybody)

Re:What is this? (5, Informative)

ctg1701 (311736) | more than 3 years ago | (#33939394)

> What this means is that COMCST is now going to tell their customers that you're only allowed to visit websites that have joined the system. They may be selling this as security, but make no mistake this is also a huge control system. I may have to cancel my service with them, when this happens. The simple fact is you may have some legitimate website who choose willfully NOT to partake in such a control scheme. I may need to visit such a site and COMCST is going to essentially tell me I can't visit that site. No thanks, I don't need a big brother. I'm an adult and I can take care of my own computers and I don't need COMCST protecting me. I don't give a crap what they say, I alone should have the right to decide where I can and can't go on the internet, unless of course you don't believe in freedom. Just give me the fully open internet service I pay for ya dern COMCST Commies!!! Quit interfering with my traffic.
>
> -Anonymous Coward (yeah right like they can't track you down by your ip the way the RIAA is racketeering everybody)

You have clearly not read anything about DNSSEC and how this actually ensures you get the traffic you requested without anyone - including Comcast - interfering with your DNS requests. I highly recommend you read http://www.dnssec.comcast.net/faq.htm so you can understand why we are doing this and why the global Internet and DNS is moving to this standard.

Thanks

Chris
Comcast

Re:What is this? (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#33939476)

Oh great. CCast sent shills already.

Re:What is this? (5, Informative)

ctg1701 (311736) | more than 3 years ago | (#33939512)

> Oh great. CCast sent shills already.

Actually I am one of the engineers that run the DNS at Comcast, but if you consider me a shill, so be it.

Re:What is this? (-1, Troll)

bsane (148894) | more than 3 years ago | (#33939622)

You do work for Comcast, and you do hijack all my dns queries, so yeah you're a shill.

I tried to opt out of your dns tampering, but it never worked, and I tired of talking to your support. If you guys are actually rolling something out that prevents you from intercepting and forging my dns queries I'm all for it. It'll be the first honest thing I've seen comcast do since my account was sold to them almost a decade ago.

If I ever have another broadband option Kabletown is getting the boot.

Have a nice day- hopefully you'll find a job somewhere that doesn't rape people financially via government backed monopoly.

Re:What is this? (-1, Troll)

bsane (148894) | more than 3 years ago | (#33940424)

Comcast must have a pretty active presence here- modded to oblivion because I engaged their rep in a public forum.

Re:What is this? (1)

ctg1701 (311736) | more than 3 years ago | (#33940558)

> Comcast must have a pretty active presence here- modded to oblivion because I engaged their rep in a public forum.

That is actually pretty funny. At least you have a sense of humor :-)

Re:What is this? (1)

Neil Blender (555885) | more than 3 years ago | (#33939920)

Are you guys running any tests in Seattle at night? DNS lookups regularly fail after midnight and are generally really spotty from midnight on. It's not a connectivity issue because I can always ssh using an ip address even when my web browser can't load pages due to lookup failures.

Re:What is this? (2, Informative)

ctg1701 (311736) | more than 3 years ago | (#33940572)

> Are you guys running any tests in Seattle at night? DNS lookups regularly fail after midnight and are generally really spotty from midnight on. It's not a connectivity issue because I can always ssh using an ip address even when my web browser can't load pages due to lookup failures.

No we are not running any tests and our DNS is up and responding. If you are having issues, I would suggest stopping by our customer forums at http://forums.comcast.net to get help.

Thanks

Chris
Comcast

Re:What is this? (1)

cecom (698048) | more than 3 years ago | (#33940378)

Good luck getting respect on Slashdot :-)

For what it's worth, I have been a happy Comcast customer for years. My connection has been getting faster and recently (quite surprisingly) even more reliable.

I like how Comcast approached the IPv6 transition testing and I like what they are doing with DNSSEC.

Nothing is perfect in this world, of course, but you guys are doing a good job. So, thank you.

Re:What is this? (1)

Y.A.A.P. (1252040) | more than 3 years ago | (#33940644)

Since you are "one of the engineers that run the DNS at Comcast", can you answer a question that is not answered by the FAQ that you have pointed everyone to:

Will your DNS servers running DNSSEC be implementing NSEC3 to regain some of the "security through obscurity" lost in the DNSSEC protocol?

I used to work for CableVision Chris (2, Interesting)

Anonymous Coward | more than 3 years ago | (#33940988)

"Actually I am one of the engineers that run the DNS at Comcast, but if you consider me a shill, so be it." - by ctg1701 (311736) on Monday October 18, @06:07PM (#33939512)

Well, at least YOU admitted that you work for COMCAST Chris... HOWEVER:

You also didn't admit what I strongly suspect is true though (myself having worked for CableVision, a like member of your industry in telecommunications)... what is that? Well, ok!

That You are one of your staff, one of a VERY SELECT FEW in fact, who is ALLOWED to speak here on this issue, & others in your firm, specifically lower level techs is my guess, were also STRICTLY WARNED to steer clear of commenting on this publicly online, especially on largely travelled forums like this, or say, DSLReports.com & others like them, or highly trafficked sites like this one is...

Am I right?

Since you're thus far showing a track-record of 'truth' here at this point?? I trust you will give us a straight answer on this much I just asked above... hopefully!

See, Chris, around here? You have to realize 1 thing: We're pretty aware of "how the show runs" for folks out of any large corporate entity... & that you people can & DO patrol largely travelled sites like this, especially when new news comes out that involves you & yours (COMCAST in this case).

Hell, even "industry notables" who have had enough of that type of crap have sounded-off on it here... & on the very account I am noting (paid trolls/shills etc.- et al) & here is an example thereof:

"It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." - by Bruce Perens (3872) on Friday July 30, @04:55PM (#33089192) Homepage Journal

http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192 [slashdot.org]

APK

P.S.=> Still, do I think you're doing this just to "cover comcast's behind"? No, I think you really MEAN what you're saying about COMCAST now going over to DNSSEC (probably a GOOD THING for you folks & your clientele hopefully)... but, my point is that I know PER MY SUBJECT-LINE NO LESS, just as Mr. Perens quoted above knows from his time @ HP, that only SOME FOLKS from large corporates are "allowed to talk" on various issues online publicly, and I have heard that "go down" myself in fact (but, not a paid shill/troll here, ever) - I am still willing to wager that you are 1 of your company's "Chosen Few" that were allowed to speak on this at all, period... am I right Chris? I wager I am... strongly (but, could be wrong, but... well, we'll see)... apk

Re:What is this? (1)

hardaker (32597) | more than 3 years ago | (#33940864)

Ok, here: I'm not with comcast and the original post was just insanely uninformed. Go read *anywhere* else about dnssec and you'll find that comcast will have a hard time figuring out how turning it on can be a bad thing.

Re:What is this? (-1, Troll)

acedotcom (998378) | more than 3 years ago | (#33939782)

lolwut? you clearly don't even know how it works....a DOMAIN KEY IS CHECKED AGAINST COMCASTS RECORDS TO VERIFY THE WEB ADDRESS. if it doesn't resolve, then you get gangbanged by ads. why am i not surprised that even comcast doesn't know how comcast's service works.

Re:What is this? (1)

andymadigan (792996) | more than 3 years ago | (#33940232)

I'm not a Comcast Shill, I don't like a comcast area, and I can definitively say that is not how DNS SEC works. Checking against a database like that would be the worst possible security system imagined since autorun-based DRM.

No one can be this stupid, GTFO troll.

Re:What is this? (0)

Anonymous Coward | more than 3 years ago | (#33940708)

You really should learn NOT to reply to trolls on slashdot. I know it's hard because they intentionally try to invoke false emotions, but it IS just all fake so they can have a laugh at your expense.

Re:What is this? (0)

Anonymous Coward | more than 3 years ago | (#33939776)

Here's an idea, sizzle chest - don't use comcast name servers.

Re:What is this? (5, Informative)

ctg1701 (311736) | more than 3 years ago | (#33939372)

> For those of us on Comcast, what does this mean?
>
> Whenever I am offered the opportunity to opt out of something by a company, I know it's probably a good idea to opt out.
>
> Also, I've had very flaky internet service the past week or so, although I am not in this market (Minneapolis area). My equipment all seems to work fine, and of course there could be any number of causes, but this seems interesting.

DNSSEC security is an Internet standard and it means that we are enabling it for our domains and will validate others once it is rolled out globally. I suggest you read through http://www.dnssec.comcast.net/faq.htm which explains why we are rolling this out and what it means for our customers.

Thanks

Chris
Comcast

Re:What is this? (1, Offtopic)

Wyatt Earp (1029) | more than 3 years ago | (#33939882)

Stop posting press release posts.

Here is some non-Comcastic information - http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions [wikipedia.org]

Chris what is your non-biased take on Comcast forging TCP reset packets and terrible quality HD?

Re:What is this? (0, Offtopic)

commodore64_love (1445365) | more than 3 years ago | (#33940462)

>>>terrible quality HD?

And also feeding SD channels (like MTV) with the top/bottom chopped off to try and trick customers to think it is widescreen! Bastards. I get my HD programming off the antenna, which is typically 15 Mbit/s rather than Comcast's squeezed 7 Mbit/s HD.

Re:What is this? (1)

Wyatt Earp (1029) | more than 3 years ago | (#33940574)

I need to get an antenna for local HD, know of any good indoor antennas? We rent up here in Alaska, so an outdoor isn't going to work, at least for a year or two till we buy a place.

Pitchforks and torches. Nice job, /. (5, Insightful)

Caerdwyn (829058) | more than 3 years ago | (#33940562)

> Chris what is your non-biased take on Comcast forging TCP reset packets and terrible quality HD?

Because guys that run DNS servers are obviously the guys who are responsible for video quality-of-service. Same field, and Comcast has only a couple of engineers running their entire network. I bet Chris also is responsible for designing their logos and what's in their cafeterias and whether the cable installers show up on time.

The topic is DNSSEC, not bandwidth caps or video compression or network traffic filtering.

I would have thought that having a primary source, an engineer relevant to the discussion, was welcome. Instead, it's an excuse to get out the haters. IT guys complain about how they're the ones that take the heat for corporate decisions which they don't control, but the moment it's someone else's IT guy, that person gets the heat for corporate decisions which they don't control. Nice consistency there. What's YOUR company, so we know who YOU are a "shill" for?

I'd be surprised if we hear from Chris again. I know I wouldn't come back. Screw Slashdotters, they don't want information or answers, they want scapegoats and straw men.

Whether Comcast, EFF or the Nazis use DNSSEC is irrelevant to the merits and flaws of DNSSEC. Whether Comcast uses DNSSEC is irrelevant to whether they use ad-redirectors for NXDOMAIN results.

By the way, I think I worked on the DNS server and service that Comcast is using for this, at my previous job. I guess that makes me a shill too. But I'll be damned if I'm going to share anything useful about it, even things that aren't under NDA, to Slashdot.

Re:Pitchforks and torches. Nice job, /. (2, Interesting)

Wyatt Earp (1029) | more than 3 years ago | (#33940598)

The dude from Comcast's rote answer to questions was to post links to Comcast's PR.

As for my company and who I shill for, that's easy. I'm a public sector education and video teleconferencing goblin in the 49th state. And I shill for children with low incidence disabilities who are using technology.

Re:What is this? (3, Interesting)

ctg1701 (311736) | more than 3 years ago | (#33940622)

> Stop posting press release posts.
>
> Here is some non-Comcastic information - http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions [wikipedia.org]
>
> Chris what is your non-biased take on Comcast forging TCP reset packets and terrible quality HD?

Actually I have been working in the IETF to help provide better methods for P2P to work on ISP networks after the issues with the TCP reset packets a few years ago. I am sure you can look up some of the RFC items if you search for them.

If you have a problem with your HD quality, I suggest getting someone to come look at that. Given I am an Internet Engineer, I don't work on that side of the business.

Thanks

Chris
Comcast

Re:What is this? (4, Informative)

ctg1701 (311736) | more than 3 years ago | (#33940710)

Stop posting press release posts.

Here is some non-Comcastic information - http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions [wikipedia.org]

Chris what is your non-biased take on Comcast forging TCP reset packets and terrible quality HD?

I also should mention that reading Wikipedia isn't the most reliable source, although that one is fairly good. I might suggest looking at the following if you don't care for Comcast's write up:

https://www.dnssec-deployment.org/

or the RFCs:

http://tools.ietf.org/html/rfc4033
http://tools.ietf.org/html/rfc4034
http://tools.ietf.org/html/rfc4035

Thanks

Chris
Comcast

Re:What is this? (1)

ZorinLynx (31751) | more than 3 years ago | (#33940006)

One of the inherent problems with cable internet is that it's a shared medium. One bad fitting, or a customer with malfunctioning equipment can ruin the experience for EVERYONE on the node. And in some systems you can have thousands of customers on one node.

It's irritating that cable and DSL are the only options here, and DSL is from AT&T who refuses to provide anything faster than 6000/512k around here. I've been lucky so far on Comcast with my 16000/2000k business connection, but I just know that there WILL be problems eventually. It's the nature of a shared medium network that something will eventually fuck it up and be hard to track down.

Re:What is this? (1)

nurb432 (527695) | more than 3 years ago | (#33941002)

The way it sounds, opt-out is only for the short term anyway.

But I also wonder what practical issues it's going to cause me on a daily basis.

opendns or google dns? (0)

Anonymous Coward | more than 3 years ago | (#33939144)

It isn't like there is a shortage of DNS services that easily scale to your needs.

Re:opendns or google dns? (2, Informative)

afidel (530433) | more than 3 years ago | (#33939318)

OpenDNS has the same flaws as Comcast's Domain Helper service (i.e. does not return NXDOMAIN), GoogleDNS has some issues I can't remember and for us has pretty significant latency.

Re:opendns or google dns? (3, Informative)

ctg1701 (311736) | more than 3 years ago | (#33939410)

OpenDNS has the same flaws as Comcast's Domain Helper service (i.e. does not return NXDOMAIN), GoogleDNS has some issues I can't remember and for us has pretty significant latency.

Currently neither support DNSSEC validation and with us enabling DNSSEC on our recursive resolvers, we are disabling Domain Helper. Please check out http://www.dnssec.comcast.net/faq.htm for more details.

Thanks

Chris
Comcast

Re:opendns or google dns? (1)

icebraining (1313345) | more than 3 years ago | (#33939530)

GoogleDNS with local cache works pretty well for me.

Re:opendns or google dns? (1)

jecowa (1152159) | more than 3 years ago | (#33939812)

Google is kind of creepy; they are like cyber stalkers. They want to read all our emails, see what we are searching for, log all our visited domains, know what places we are planning on visiting, track which YouTube videos we watch, transcribe our Google voice calls, and probably much more, so they can send us better targeted ads. Important: The previous statement was a collection of random and fictional thoughts from the author's imaginative head and is not deserving of a suit for libel.

Re:opendns or google dns? (1)

icebraining (1313345) | more than 3 years ago | (#33940422)

GoogleDNS doesn't share info with other Google systems.

Is any of the information collected stored with my Google account?
        No.
Does Google share the information it collects from the Google Public DNS service with anyone else?
        No.
Is information about my queries to Google Public DNS shared with other Google properties, such as Search, Gmail, ads networks, etc.?
        No.

Re:opendns or google dns? (1)

heypete (60671) | more than 3 years ago | (#33940772)

OpenDNS only does the "domain helper" thing for non-registered users.

Register for an account, specify the IP address (or range) that you'll be making queries from (e.g. your home router), and you can disable all of that. I've been doing that for years with no problems. Way better than Cox's DNS service, which rewrites all TTLs to 30s.

If your home router supports dynamic DNS updating, you can have the router update OpenDNS (I use their DNS-O-Matic service, which also updates DynDNS and EveryDNS) whenever your system gets a new IP address so the settings stick with you, even if the IP address changes.

domain helper? (2, Informative)

bhcompy (1877290) | more than 3 years ago | (#33939194)

Domain helper.. is that the crap that automatically relocates you to some ad serving search website when you input an unrecognized dns in the web browser? That kind of crap is why I switched to 4.1.1.1

Re:domain helper? (5, Informative)

ctg1701 (311736) | more than 3 years ago | (#33939416)

Domain helper.. is that the crap that automatically relocates you to some ad serving search website when you input an unrecognized dns in the web browser? That kind of crap is why I switched to 4.1.1.1

We will be disabling Domain Helper on our recursive resolvers and you will also get DNSSEC validation by using our Anycast resolvers. There is no redirection and you will also get the protections enabled by DNSSEC.

Thanks

Chris
Comcast

Re:domain helper? (-1, Troll)

Anonymous Coward | more than 3 years ago | (#33939556)

Do the suck your cock everytime you post here on a comcast related article?
Seriously man get a fucking life.

Re:domain helper? (2)

jecowa (1152159) | more than 3 years ago | (#33939540)

I use 4.2.2.1-6. It's twice as fast as my ISP's default DNS server and has no ads.

Meh ... 8.8.8.8 (1, Informative)

Anonymous Coward | more than 3 years ago | (#33939240)

My router is already set up to ignore Comcast's DHCP provided DNS, and use 8.8.8.8 and 8.8.4.4 anyway... Substitute your own favorite public DNS resolver (or install OpenWRT and use its djbdns if you prefer).

Re:Meh ... 8.8.8.8 (1, Informative)

ctg1701 (311736) | more than 3 years ago | (#33939452)

My router is already set up to ignore Comcast's DHCP provided DNS, and use 8.8.8.8 and 8.8.4.4 anyway... Substitute your own favorite public DNS resolver (or install OpenWRT and use its djbdns if you prefer).

While you could do any of the following, Comcast DNS servers should provide a fast response and better localization than third party resolvers. We also will now have DNSSEC validation turned on to enable another level of security that none of the third party resolvers currently offer.

Hopefully you will give us a try and take a look at http://www.dnssec.comcast.net/faq.htm for details.

Thanks

Chris
Comcast

Re:Meh ... 8.8.8.8 (-1, Troll)

Trailwalker (648636) | more than 3 years ago | (#33939850)

What unmitigated crap. Businesses like Comcast do not reform, they just lie more and hire shills. Shills are cheaper than actual customer service reps.

Re:Meh ... 8.8.8.8 (1)

Maxo-Texas (864189) | more than 3 years ago | (#33940154)

Glad to see a nice calm response. Don't respond to trolls.

Understand Comcast has some issues of behavior that users don't like and leave that for another day.

Re:Meh ... 8.8.8.8 (1)

QuoteMstr (55051) | more than 3 years ago | (#33939914)

My favorite resolver is 127.0.0.1. Running your own recursive DNS server is easy.

Some more information... (4, Informative)

cobrausn (1915176) | more than 3 years ago | (#33939244)

Had no idea what it was either until I read this. http://blogs.techrepublic.com.com/networking/?p=234 [com.com]

Re:Some more information... (1)

ctg1701 (311736) | more than 3 years ago | (#33939470)

Had no idea what it was either until I read this.

http://blogs.techrepublic.com.com/networking/?p=234 [com.com]

We have also put together an information site here: http://www.dnssec.comcast.net and an FAQ with additional details: http://www.dnssec.comcast.net/faq.htm.

Thanks

Chris
Comcast

a bit confused (1)

Anonymous Coward | more than 3 years ago | (#33939266)

What happens if the site doesn't want to sign up for DNSSEC? Would Comcast block communications with those sites? Also, it seems DNSSEC costs additional to the current cost for a site. (Just putting that out there.)

Re:a bit confused (3, Informative)

afidel (530433) | more than 3 years ago | (#33939348)

No, Comcast is going to offer DNS servers that properly handle DNSSEC including passing along signed root answers. It is up to the client whether they wish to accept or reject unsigned domains (or in the case of anti-spam appliances probably give additional weight to non-signed domains).

Re:a bit confused (1, Informative)

Anonymous Coward | more than 3 years ago | (#33939368)

It would work normally, just not protected by DNSSEC.

Ever since ROOT and COM were signed, any site that wanted to roll it out could.

Re:a bit confused (1)

ctg1701 (311736) | more than 3 years ago | (#33939488)

What happens if the site doesn't want to sign up for DNSSEC? Would Comcast block communications with those sites? Also, it seems DNSSEC costs additional to the current cost for a site. (Just putting that out there.)

If a site chooses not to sign their domain, then the DNS will work just like it does now and will not be validated. As for hosting sites, some of them may choose to charge for securing domains. You should check with your provider for additional details.

Thanks

Chris
Comcast

For Webmasters? (1)

djdevon3 (947872) | more than 3 years ago | (#33939268)

What does this mean for webmasters? Are all of us going to need DNSSEC keys on our websites or does this just apply to Comcast's array of websites? I wasn't aware that DNS had any kind of security issue which would warrant a revamp. How will this affect the future of the web?

Re:For Webmasters? (2, Informative)

ctg1701 (311736) | more than 3 years ago | (#33939504)

What does this mean for webmasters? Are all of us going to need DNSSEC keys on our websites or does this just apply to Comcast's array of websites? I wasn't aware that DNS had any kind of security issue which would warrant a revamp. How will this affect the future of the web?

This has little to do with websites and more to do with the zones in the DNS for the websites. This adds an additional layer to protect the DNS from attacks. I suggest if you want more information, please read the following: http://www.dnssec.comcast.net/faq.htm

Thanks

Chris
Comcast

This is a GOOD thing (3, Informative)

Anonymous Coward | more than 3 years ago | (#33939434)

I've been using these for months while they've been available for testing. The very nature of DNSSEC kills the 404 helper service, and provides an extra level of security. For anyone that wants to use them now without being migrated automatically someday, just use 75.75.75.75 and 75.75.76.76 for the DNS.

Re:This is a GOOD thing (2, Interesting)

ctg1701 (311736) | more than 3 years ago | (#33939544)

I've been using these for months while they've been available for testing. The very nature of DNSSEC kills the 404 helper service, and provides an extra level of security. For anyone that wants to use them now without being migrated automatically someday, just use 75.75.75.75 and 75.75.76.76 for the DNS.

Absolutely correct, and hopefully people realize that we want to make your Internet service a better and safer experience.

Re:This is a GOOD thing (0)

stonedcat (80201) | more than 3 years ago | (#33939586)

In the past few years your company has been actually making people's internet experience worse.
Please excuse us all if we think you're completely full of shit.

Re:This is a GOOD thing (1)

jecowa (1152159) | more than 3 years ago | (#33939706)

I just tested out these servers. The ping is decent (~30ms), but the servers wouldn't resolve domains for me, however, I'm not on Comcast internet service. I like 4.2.2.1. The ping is ~25ms and there are no ads.

DNSSEC Service Resolvers (3, Funny)

Anonymous Coward | more than 3 years ago | (#33939534)

Am I tired already? I read that title as "Revolvers", and I wondered what the hell Comcast was doing selling handguns to people. For about thirty seconds. Then I wondered what the hell a "DNSSEC" revolver was for another thirty seconds. Then I smacked myself, re-read the thread title, and decided to make this utterly pointless post.

Sleep deprivation is a wonderful thing...

Re:DNSSEC Service Resolvers (1)

gujo-odori (473191) | more than 3 years ago | (#33939898)

Could be worse. I parsed "Virginia network" as "Vagina network" the first time :p

Re:DNSSEC Service Resolvers (1)

fast turtle (1118037) | more than 3 years ago | (#33940854)

You think that's bad? I had one the other day that was embarrassing as hell. Read Cub Scouts as Cum Scouts on a bumper sticker.

The TL;DR; version, please? (1)

Kashell (896893) | more than 3 years ago | (#33940012)

Point by point:

Is DNSSEC a good thing? (Yes)
Do webmasters need a DNSSEC cert? (No, but it wouldn't be a bad idea. DNS works normally if you do not have one).
Will consumers get 404 redirect pages with DNSSEC? (Not sure here. I'm guessing -- No, because DNSSEC doesn't allow this?)
Will Comcast ever stop sucking? (Probably not.)

Re:The TL;DR; version, please? (0)

Anonymous Coward | more than 3 years ago | (#33940206)

Unless you are managing your own DNS server (which webmasters of large servers probably do...) you do not need to worry about DNSSEC. Well, that is, unless whoever is managing your DNS server isn't providing DNSSEC support automatically. If so, ask them about their timetable for implementing DNSSEC or just switch providers.

NXDOMAIN redirects would not be signed, so they have to be disabled when using DNSSEC. Comcast said disabling them would be part of the transition.

Location = experience (1)

dwreid (966865) | more than 3 years ago | (#33940450)

Your experience with Comcast is very likely related to where you are located. I live in a NW suburb of Chicago. Literally the very worst service I have ever received from any company was from Comcast. Outages that lasted for 2 to 3 weeks at a time. Outages several times a year. Technicians that I stayed home for waiting for them to arrive and they never came. Technicians who eventually came to the house and said "I don't know what's wrong" and left, and closed the ticket. (This happened more than once.) Bandwidth that made dialup look like a miracle it was so bad. Two different routers that literally overheated and melted. (And yes, they were in a ventilated area.) Replacement equipment that was used and dirty and didn't work. Comcast screwed with packets that belong to Skype to make sure the quality was terrible. (Oh but their VOIP brand was just fine.) The list goes on and on. It was so bad that I finally dumped my cable TV completely and switched over to AT&T business DSL. Mind you AT&T is not my favorite company either but the service is rarely if ever down and if I have a problem they fix it. DSL at 6 Mbps is better than Comcast 22 Mbps that delivers 150 Kbps and is down more than up. So for those of you who have "never been happier with the amazing orgasmic experience that is Comcast" ... good for you. I certainly won't be doing business with them again anytime soon.

Thanks for telling me. (1)

wdhowellsr (530924) | more than 3 years ago | (#33940570)

I'm a Comcast subscriber and have had problems with DNS resolution. Just changed to the new DNS servers and magically it is about twenty times faster.

Cricket seems faster (1)

mdsolar (1045926) | more than 3 years ago | (#33940742)

I switched from Comcast to Cricket because the Comcast service was so unreliable. In the end, they could not even get a TV signal through reliably. But that is another story. What I notice though is that even when Comcast was working up to advertised speed, the name server delays were really bad. So, even with lower bandwidth, Cricket seems faster because their name servers work. Hope this move by Comcast makes an improvement.

Why should the unwashed masses care? (0)

Anonymous Coward | more than 3 years ago | (#33940888)

From the http://blogs.techrepublic.com.com/networking/?p=234/ [com.com] article:

Key signing should not be carried out online, so DNSSEC was designed to return a pre-signed report containing a range of names which do not exist; this could be signed offline and ahead of time.

Suddenly it's all very specific and yet somehow just incomprehensible.

I wonder if someone even knows what this means to the end user? I guess now I'll **have** to believe I'm actually on my bank's web site?
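The "pre-signed report containing a range of names which do not exist" quoted in the comment above is the NSEC record, and the same mechanism is why, as an earlier comment says, unsigned NXDOMAIN redirects cannot be used with DNSSEC. The following is an added sketch, not part of any comment in this thread and not Comcast's code, of how a validator decides that a queried name falls inside a signed NSEC gap; the zone names are constructed, the apex is assumed to be in the name list, and signature verification is reduced to a boolean.

```python
# Added illustration of NSEC authenticated denial (RFC 4034 / RFC 4035).
# The zone below is constructed sample data; signature checking is reduced
# to a boolean because only the range logic is being shown.

def canonical_key(name):
    """RFC 4034 section 6.1 order: lowercase, compare labels right to left."""
    labels = name.rstrip(".").lower().split(".")
    return [label.encode("ascii") for label in reversed(labels)]

def build_nsec_chain(owner_names):
    """Link each owner name to the next one in canonical order.

    The last name points back to the first (the zone apex, assumed to be in
    owner_names). In a real zone every pair is an NSEC record whose RRSIG is
    produced offline, ahead of time, so no private key is needed at query time.
    """
    ordered = sorted(set(owner_names), key=canonical_key)
    return [(name, ordered[(i + 1) % len(ordered)])
            for i, name in enumerate(ordered)]

def covering_nsec(chain, qname):
    """Return the (owner, next) pair proving qname is absent, else None."""
    apex = canonical_key(chain[0][0])
    q = canonical_key(qname)
    if q[:len(apex)] != apex:
        return None                       # not in this zone, nothing to prove
    for owner, nxt in chain:
        lo, hi = canonical_key(owner), canonical_key(nxt)
        if q == lo:
            return None                   # the name exists
        if lo < q < hi or (hi <= lo and q > lo):
            return (owner, nxt)           # second clause: wrap-around record
    return None

def validator_verdict(chain, qname, answer_has_valid_rrsig):
    """What a validating resolver concludes about a positive answer."""
    if answer_has_valid_rrsig:
        return "secure"
    proof = covering_nsec(chain, qname)
    if proof is not None:
        return "bogus: signed NSEC %s -> %s says the name does not exist" % proof
    return "bogus: answer in a signed zone has no valid signature"

# Constructed zone contents.
ZONE = ["example.com", "mail.example.com", "www.example.com", "ftp.example.com"]
CHAIN = build_nsec_chain(ZONE)

if __name__ == "__main__":
    for name in ("wwww.example.com", "imap.example.com", "www.example.com"):
        print(name, "->", covering_nsec(CHAIN, name))
    # A rewritten NXDOMAIN (ad-server address, no zone signature):
    print(validator_verdict(CHAIN, "wwww.example.com", False))
```

For the end user the effect is that a mistyped name in a signed zone yields a verifiable "does not exist" rather than an address the zone owner never published.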
